|
1161
|
5.4 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a netw…
|
CWE-74
Injection
|
CVE-2026-42838
|
2026-05-14 23:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1162
|
9.1 |
CRITICAL
Network
|
microsoft
|
dynamics_365
|
Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
|
CWE-250
NVD-CWE-noinfo
Execution with Unnecessary Privileges
|
CVE-2026-42833
|
2026-05-14 23:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1163
|
6.5 |
MEDIUM
Local
|
microsoft
|
azure_monitor_agent
|
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
|
CWE-426
Untrusted Search Path
|
CVE-2026-42830
|
2026-05-14 23:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1164
|
7.0 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
|
CWE-416
Use After Free
|
CVE-2026-42825
|
2026-05-14 23:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1165
|
9.9 |
CRITICAL
Network
|
microsoft
|
azure_logic_apps
|
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
|
CWE-284
Improper Access Control
|
CVE-2026-42823
|
2026-05-14 23:25 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1166
|
6.2 |
MEDIUM
Local
|
microsoft
|
365_copilot
|
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
|
CWE-284
Improper Access Control
|
CVE-2026-41614
|
2026-05-14 23:25 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1167
|
7.5 |
HIGH
Network
|
haxx
|
curl
|
Using libcurl, when a custom `Host:` header is first set for an HTTP request
and a second request is subsequently done using the same *easy handle* but
without the custom `Host:` header set, the seco…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-6276
|
2026-05-14 23:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1168
|
5.3 |
MEDIUM
Network
|
haxx
|
curl
|
When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, libcurl could leak the password used for the first host to the
followed-to host under certain circumstances.
|
NVD-CWE-noinfo
|
CVE-2026-6429
|
2026-05-14 23:18 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1169
|
5.3 |
MEDIUM
Network
|
haxx
|
curl
|
When curl is told to use the Certificate Status Request TLS extension, often
referred to as *OCSP stapling*, to verify that the server certificate is
valid, it fails to detect OCSP problems and inste…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-7009
|
2026-05-14 23:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1170
|
7.5 |
HIGH
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts wit…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-45109
|
2026-05-14 23:14 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
